ansible/playbooks/groups/proxies.yml

# create a new proxy server

- name: make new proxy server
  hosts: proxies-stg
  user: root
  gather_facts: False

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - include: "{{ tasks }}/virt_instance_create.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: make the box be real
  hosts: proxies-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - hosts
  - rkhunter
  - nagios_client
  - fas_client
  - collectd/base
  - sudo

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"


  # TODO
  #
  # - handle httpd::mime-type for site icons
  #
  # - fedora-web::build (bapp0*)
  #
  # - fedora-docs::proxy
  #
  # - smolt::proxy
  #
  # - packages::proxy::bugz
  # - haproxy::proxy
  # - fingerprints::proxy
  # - gather-easyfix::proxy
  # - fedmsg::proxy-crl
  # - review-stats::proxy
  # - membership-map::proxy
  #
  # - httpd::nagios-proxy
  # - httpd::mailman-proxy
  # - httpd::status
  #
  # - domainnotarget stuff
  # - domainrewrite stuff
  #
  # - sysctl ip_conntrack_max bits
  # - iptables rules for fedmsg inbound
  # - sebooleans
  # - semanage_port
  # - semanagefcontext
  # - geoipwsgi app itself


# After setting up the "basics" of the proxy hosts above, here below we break
# out the proxy-specific configuration into a couple different sub-playbooks.
# Othewise, this file would be unbearably long.

- include: proxies-certificates.yml
- include: proxies-websites.yml
- include: proxies-reverseproxy.yml
- include: proxies-redirects.yml
- include: proxies-fedora-web.yml